Articles about Malware

Snowden's anti-snoop tool

NSA whistleblower Ed Snowden and hardware guru Andrew “Bunnie” Huang have designed a gizmo that wraps around your iPhone 6 and alerts you when the mobe unexpectedly leaks your location. Basically, if you put your smartphone into airplane mode – ie: maintain radio silence – to avoid being tracked, the gadget will kick off if …
Shaun Nichols, 21 Jul 2016

Firefox to banish hidden Flash files – and kill off sneaky ad snoopers

Firefox will next month automatically block invisible Flash content that users cannot see when loading a page, says Mozilla as it continues its campaign against Adobe's plugin. This should protect netizens from dodgy webpages that load hidden malicious Flash files that attempt to infect their computers with malware or perform …
Shaun Nichols, 20 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

Carbon Black snaps up cloud-dwelling threat-sniffing 'next-gen AV'

Endpoint security firm Carbon Black has bought "next-generation antivirus" firm Confer. Financial terms of the deal, announced today, were undisclosed. Carbon Black plans to re-badge Confer’s security software as “Cb Defense” and offer it alongside its existing roster of application control, incident response, and threat …
John Leyden, 19 Jul 2016

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016

If managing PCs is still hard, good luck patching 100,000 internet things

Internet of Things (IoT) hype focuses on the riches that will rain from the sky once humanity connects the planet, but mostly ignores what it will take to build and operate fleets of things. And the operational side of things could be hell. “IT can barely keep their desktops patched,” Splunk chief technology officer Snehal …
Simon Sharwood, 19 Jul 2016

Guilt by ASN: Compiler's bad memory bug could sting mobes, cell towers

A vulnerability in a widely used ASN.1 compiler isn't a good thing: it means a bunch of downstream systems – potentially mobile phones and cell towers – will inherit the bug. And an ASN.1 bug is what the Sadosky Foundation in Argentina has turned up, in Objective Systems' software. The research group's Lucas Molas says …

Euro IP study finds 25 Tor-and-Bitcoin-loving pirate business models

Knock us over with a feather: a study by the European Union Intellectual Property Office (EUIPO) has found that those who infringe intellectual property for a living are quite fond of anonymity technologies that cover their tracks. The Office last week emitted a Deloitte-penned study titled Research on Online Business Models …
Simon Sharwood, 18 Jul 2016

Security firm clarifies power-station 'SCADA' malware claim

Malware hyped as aimed at the heart of power plants is nothing of the sort according to security outfit Damballa, which has put its name to analysis claiming the "SFG" malware is run-of-the-mill code without sufficient smarts to target SCADA systems. The so-called SFG malware is the spawn of Furtim, and hit headlines as …
Darren Pauli, 18 Jul 2016

Extortion trojan watches until crims find you doing something dodgy

A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a …
Darren Pauli, 18 Jul 2016

Hackers steal millions from ATMs using 'just their smartphones'

Authorities in Taiwan are trying to work out how hackers managed to trick a network of bank ATMs into spitting out millions. Police suspect that two Russian nationals wearing masks cashed out dozens of ATMs operated by Taiwan's First Bank on Sunday and left the country the following day. The crooks stole an estimated T$70m ($2 …
John Leyden, 15 Jul 2016

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately security researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016

BAE Systems partners with SWIFT to bolster hacker intel

BAE Systems has been recruited to help SWIFT's newly formed Customer Service Intelligence team in a bid to get ahead of cyber-criminals targeting banks connected to the global financial messaging service. The announcement follows the analysis and identification of malware that BAE Systems’ threat intelligence team was able to …
John Leyden, 15 Jul 2016

Security gurus get behind wheel of driverless car debate

Security experts have already waded into the UK government's consultation into self-driving technologies. The two month session comes against a backdrop of increasing concerns about connected cars. Infosec vendors argue security needs to be considered alongside other issues such as changes to driving regulations (the Highway …
John Leyden, 15 Jul 2016

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks calls in order to stop victims from cancelling their stolen payment cards. The Android nasty is programmed to automatically stop such calls from being placed. Victims can, of course, use …
John Leyden, 14 Jul 2016

Russian gang who exploited hacked bank accounts jailed

Five members of an international money-laundering gang based in London have been jailed after cops unravelled their malware-enabled conspiracy. The gang, composed exclusively of Russian nationals, was led by a pair of men who were both named Aslan. Aslan Abazov, 30, of Cromwell Road, London SW7, was sentenced to seven years …

Exploit kit miscreants rush to plug gap in cyber-crime marketplace

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits. While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in …
John Leyden, 13 Jul 2016

Next month's Firefox 48 is looking Rusty – and that's a very good thing

Mozilla says it will next month ship the first official Firefox build that sports code written in its more-secure-than-C Rust programming language. The Firefox 48 build – due out August 2 – will include components developed using Rust, Moz's C/C++-like systems language that focuses on safety, speed and concurrency. It's hoped …
Shaun Nichols, 12 Jul 2016

Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player. Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important …
Shaun Nichols, 12 Jul 2016

SCADA malware caught infecting European energy company

Security researchers have identified a strain of malware that has already infected at least one European energy company. The malware, dubbed SFG, is related to an earlier sample called Furtim, that created a backdoor on targeted industrial control systems. This backdoor might be used to deliver a payload which could be used to …
John Leyden, 12 Jul 2016

Nukeware: New malware deletes files and zaps system settings

Lazy but sneaky cybercrooks are slinging a new ransomware variant that falsely claims to have encrypted files when in reality it has deleted them. Ranscam tricks victims by falsely claiming that files have been moved onto a hidden, encrypted partition. In reality the malware has deleted files and comprehensively messed with …
John Leyden, 12 Jul 2016

Florida U boffins think they've defeated all ransomware

Researchers from the University of Florida and Villanova University reckon ransomware can be stopped by watching what it's doing to the target's files. Taking a “save what you can” approach, the authors of this PDF reckon in their tests they were able to lower the boom on ransomware when it had encrypted just 0.2 per cent of …

Pokemon Go oh no no no, we're not reading your email, says gamemaker

Final update This was a developing story: read through to the updates for the full scoop. Smash-hit mobile game Pokemon Go's catchphrase is "you gotta catch 'em all" – gotta catch all your Google accounts, it seems. As spotted today by IT architect Adam Reeve, the ultra-popular monster-catching vitamin-D-injecting exercise-encouraging …
Shaun Nichols, 11 Jul 2016

Omni-shambles! Card-stealing malware checks into US hotel chain

Yet another US hotel chain has admitted malware infected its computer systems and stole guests' bank card information. Omni Hotels said today [PDF] an attacker managed to infiltrate its IT network and inject a software nasty into its payment terminals that siphoned off copies of people's credit and debit cards. The malware …
Shaun Nichols, 11 Jul 2016

EU cybersecurity directive will reach Britain, come what May

The passage of the EU Directive on the Security of Network and Information Systems (NIS) will have a profound effect on corporate security across Europe and even in Britain, despite the Brexit vote. The NIS Directive applies to organisations that provide elements of a country’s critical national infrastructure – i.e. operators …
John Leyden, 11 Jul 2016

Scammers gotta catch em all

Survey scams have joined potential muggings and malware as another peril for Pokémon Go fans. A pitch promising Pokécoins (the microtransaction currency) doing the rounds is actually a ruse designed to trick victims into visiting a scam site. Prospective marks are invited to fill in a variety of surveys on the pretext of a non …
John Leyden, 11 Jul 2016

Drowning Dalek commands Siri in voice-rec hack attack

University boffins have brewed one of the most complex mechanisms for loading malware onto phones by way of surreptitious Google Now and Siri voice commands hidden in YouTube videos. For the attack to work, phones need to be in a state where they can receive voice commands - a feature often left unlocked - and close enough to …
Darren Pauli, 11 Jul 2016

Lurk trojan takedown also took out Angler exploit kit

Security researchers have discovered a possible link between the demise of the Angler Kit and a crackdown against the Lurk banking trojan crew. In June, a group of individuals was arrested in Russia for using Lurk to target Russian banks. Cisco Talos researchers noticed that within a week of the arrests, Angler had disappeared …
John Leyden, 11 Jul 2016

White hat banned for revealing vulns in news sites used by London councillors

Security consultant Andrew Tierney has claimed that web platform NeighbourNET contains nasty vulnerabilities that could compromise users. The company's sites are used for local news services, often by councils and councillors to communicate with residents. London districts favoured with sites powered by the service include …
Darren Pauli, 11 Jul 2016

Teen thugs lure, rob Pokemon Go gamers

Enterprising teen thugs have used a feature in the virally-popular Pokemon Go mobile game to lure and rob gamers. The mobile app, released last week, uses augmented reality to overlay Pokemon around the real world, requiring players to walk around to collect the famed characters. Police at the US State of Missouri's O’Fallon …
Darren Pauli, 10 Jul 2016

Android Mew-ware, I choose you: Code nasty poses as Pokemon GO

Mind those downloads from non-official app stores: Android malware has been spotted posing as knockoff copies of the popular Pokemon GO game. According to a report from security biz Proofpoint, repackaged versions of the game have been found carrying a software nasty that grants remote-control access of infected devices to …
Shaun Nichols, 08 Jul 2016

Copy paste slacker hackers pop corp locks in ode to stolen code

The ultimate copy paste slacker hacker group has busted security controls in some 2500 corporates and government agencies using nothing but stolen code. The targets focus on those affiliated with military and political assignments around Southeast Asia and the contentious South China Sea, and may have been compromised in a …
Darren Pauli, 08 Jul 2016

1 in 20 Wendy's burger joints hacked? No, make that 1 in 3 – 1,025 in total

Wendy's has 'fessed up that the malware infection in its cash registers, first thought to have impacted 300 restaurants, hit more like 1,000 outlets, and says an unnamed service provider let the attackers into its systems. The American fast-food chain has owned up that the number of its stores in the US with bank-card snooping …

Loose wrists shake chips: Your wrist-job could be a PIN-snitch

Chinese scientists have brewed a way to steal – with 80 percent accuracy – automatic teller machine PINs by infecting wearable devices. Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches. The …
Darren Pauli, 07 Jul 2016

Unmasking malware in TLS connections? It can be done, say Cisco researchers

A group of researchers who work for Cisco* reckons malicious traffic in TLS tunnels can be spotted and blocked – without decrypting user traffic. That's good news in the corporate setting, because today's protection relies on the controversial approach of terminating the encryption to inspect the traffic. In this paper at …

⌘+c malware smacks Macs, drains keychains, pours over Tor

More malware capable of pilfering Mac keychain passwords and shipping them over Tor has been turned up, less than a day after a similar rare trojan was disclosed. Dubbed Keydnap, the malware is delivered as a compressed Mach-O file with a txt or jpg extension, with a hidden space character which causes it to launch in terminal …
Darren Pauli, 07 Jul 2016

Outed China ad firm infects 10m Androids, makes $300k a month

Net scum behind the Hummingbird Android malware are raking in a mind-boggling US$300,000 (£233,125, A$404,261) a month through illegitimate advertising and app downloads from a whopping 10 million infected devices. The offending group, known as Yingmob, is an offshoot of a legitimate Chinese advertising analytics firm with …
Darren Pauli, 06 Jul 2016

TP-Link abandons 'forgotten' router config domains

TP-Link, rather than recovering domains it forgot to renew, is going to abandon them. The domains in question are tplinklogin.net and tplinkextender.net. They offered configuration services for buyers of the company's home routers and Wi-Fi link extenders, and are identified on stickers on some devices (not all: two TP-Link …

Dolphin fans freak, blast browser's bumbling bundles of bloatware

The Dolphin mobile browser is feeling the wrath of netizens angry over the new extensions being bundled with the app. A Reg reader points out that the mobile browser has been hit with a string of one-star reviews and criticism from people who say they've had unwanted apps being installed alongside the browser, including a …
Shaun Nichols, 06 Jul 2016

EasyDoc malware adds Tor backdoor to Macs for botnet control

Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor. The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the …
Iain Thomson, 05 Jul 2016

Brexit-themed spam surges

Symantec has uncovered a fivefold (392 per cent) increase in spam emails that use Brexit as a news hook. Cybercriminals have latched onto Brexit as a theme simply because it’s topical and likely to get the attention of prospective marks. These lures are ultimately geared towards tricking people into divulging sensitive …
John Leyden, 05 Jul 2016

Word hole patched in 2012 is 'unchallenged' king of Office exploits

Possibly the most exploited unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012. Sophos threat researcher Graham Chantry says the longevity of the dusty bug affecting Office 2003, 2007, and 2010, is thanks to its constant adaptation by exploit kit authors, and a pervasive unwillingness …
Darren Pauli, 05 Jul 2016

Researcher pops locks on keylogger, finds admin's email inbox

Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government. Mendrez's reverse engineering effort found credentials buried within the Hawkeye keylogger that lead through …
Darren Pauli, 05 Jul 2016

Israel's security minister suckers Zucker for Facebook'ed killings

Israel's Public Security Minister Gilad Erdan has blamed Facebook founder Mark Zuckerberg for the killing of Hallel Ariel and Michael Marks. The Minister told local program Meet the Press that Facebook does not do enough to alert security forces to terrorist-related posts after Ariel's killer Muhammad Tarari posted to the social …
Darren Pauli, 05 Jul 2016

Klepto Zepto could steal millions in looming ransomware wave

A dangerous new ransomware variant based on the Locky ransomware has security experts worried. The Zepto malware has been carried in nearly 140,000 spam messages sent over four days last week. The ransomware appears to have Locky's capabilities which could make it one of the more dangerous encryption lockers in circulation. …
Darren Pauli, 04 Jul 2016

One in 200 enterprise handsets is infected

If your enterprise has 200 mobile devices, at least one is infected, so says security firm Skycure. The Palo Alto firm has uncovered previous nasty Apple bugs, including the No iOS Zone flaw reported by El Reg last year. All told, about three percent of the locked-down vanilla Cupertino devices are infected, the company says in …
Darren Pauli, 04 Jul 2016

Hackers: Ditch the malware, we're in... Just act like a normal network admin. *Whistles*

Hackers almost exclusively use standard network admin tools to move around a compromised network once they’ve broken in using malware or other hacking techniques. Researchers at security startup LightCyber found that 99 per cent of post-intrusion cyberattack activities did not employ malware, but rather employed standard …
John Leyden, 30 Jun 2016

Android 'ransomware surge'

Ransomware attacks on Android devices running Kaspersky Lab's security software increased almost four-fold in a little more than a year, we're told. File-scrambling malware attempted to infiltrate 136,532 Kaspersky-protected Android users' gadgets at least once between April 2015 and March 2016, compared to 35,413 users in …
John Leyden, 30 Jun 2016

Honey, why are porno apps on your Android?! Er, um, malware did it!

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals. Hummer first came up on the logs of Cheetah Mobile's security team in August 2014, but spent eight months in obscurity before starting …
Iain Thomson, 29 Jun 2016

While you filled your face at Noodles and Co, malware was slurping your bank cards

American fast-food chain Noodles and Company says malware got into its sales registers, allowing it to slurp customers' payment card numbers. The biz admitted today that hundreds of restaurants in 28 US states were infected with card-stealing software nasties that harvested customer card names, numbers, expiration dates, and …
Shaun Nichols, 29 Jun 2016